Kristi wrote a guest blog post at TechJaws about the attack last weekend on her well known Kikolani Blog by the PHP Script Injection Exploit in WordPress 2.7.1. Kristi explains how she restored her blog and dealt with the issue. The UnMask Parasites blog provides additional details on what is known about this particular malware which has been dubbed the Gumblar .cn Exploit.
Gumblar exploit does NOT affect only WordPress. It can target any site using .php including Drupal, PhotoPost and even the Bangalore Telecom Web site.
The resources below will assist you in assessing your risk, increasing security for your WordPress blog and removing this exploit if you are already affected.
WordPress Security Resources:
- Should You Be Concerned About Your WordPress Security? (May 12, 2009)
- Securing Your WordPress Blog (Jan 14, 2009)
- In Depth Tutorial On How To Secure Your WordPress Blog Tip 1 (Apr 8, 2009)
- 18 WordPress Plugins Plus Tips to Secure Your Blog (Mar 13, 2009)
- Dan Nedelko WordPress Security Plugins (Apr 23, 2009)
- Maximum WordPress Security Plugin Announcement (Jan 3, 2009)
- Sucuri: WordPress Hardening (How to obscure WordPress and Apache version details)
- 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
Security Monitoring Tools for WordPress:
- Fast, simple way to check public information for yours or any other Web site: Sucuri Web Information Gathering Tool
- Search Engine Snark recommends these Tools for Monitoring WordPress Security
WordPress Security Audit Services:
- Performancing Services offers WordPress Security Auditing
WordPress Security Plugins:
- Maximum Security WordPress Security Plugin
- WpBeginner post about WordPress File Monitor – download WordPress File Monitor from WP plugin Directory
The following two tabs change content below.
Gail Gardner
Small Business Marketing Strategist at GrowMap
Gail Gardner is the founder of GrowMap.com. She is a Small Business Marketing Strategist who mentors small businesses, bloggers, and freelancers.
After 23 years in the field with IBM and 5.5 years managing AdWords accounts, her focus shifted to small business marketing strategy. GrowMap.com is listed by Cision as a Top 100 Site for Marketers and has received three Small Business Influencer Awards from Small Business Trends.
Named by D&B a Top 50 SMB Influencer on Twitter, you can follow Gail @GrowMap and on LinkedIn.
Latest posts by Gail Gardner (see all)
- How to Attract Organic Links and Mentions with Content - February 10, 2020
- 50 Places to Repurpose Web Conferences as Video Content - January 22, 2020
- How to Stop Doing Outreach Wrong! What Sites Really Want - November 29, 2019
Thank you ver much for the warning
I love WordPress Blog! I am regular visitor of your blog.and getting quite informative posts.i have already learn more than enough from this blog.so thanks for sharing. Known the adjuration of mate ship can never be bound by bounded distance.
Didn’t even know that this could happen.
Is this exploit fixed in the newer versions of wp?
And are there new exploits? (probably)
Danny would love you to read ..Remington RM1015P 10-Inch 8 Amp Electric Pole chain Saw
I only just recently heard of this gumblar nastiness, seemed to be a big deal about the time of this post though. Glad I wasn’t a fan of Kristi’s blog back then. To my knowledge I’ve never had anything like that, hopefully I never will.
I’ve visited Kikolani blog, its brilliant and Kristi is doing great work. I found the post very interesting and I’ll certainly check the links. Also, I’m really glad that I came across this blog because everything about this blog is enriching and very helpful.
I glad Gumblar didn’t affect my blog. As a relatively new blogger, I’m not sure what I’m going to do if I’m affected by a virus. It’s great that people with more tech experience share!
Well this is strange and I got to be conscious about this.
me too..when i read this it made me aware of that is happening is WP
I’ve had my blog using wordpress hacked by someone else, all my files gone, but I do not know whether this is caused by Gumblar PHP Exploit
I remember the Gumblar Php giving me a few problems back in the day.
Thank you very much! Appreciate the help
You people doing some thing extra ordinary as compared to other blogger. i am regular visitor of your blog.and getting quite informative posts.i have already learn more than enough from this blog.so thanks for sharing.
GREAT guest post by Kristi about getting your blog hacked. I have similar security concerns, wow.
Do these hackers have nothing better to do than sit around making up viruses to ruin people’s websites? Ridiculous, I feel bad for Kristi. Good to know it targets everything including but not limited to WordPress.
I think they have too much time on their hands and too much knowledge. I get really irritated when I hear about things like this. It amazes me that people do not care to hurt someone else. Did they never learn empathy? Or any type of compassion? I do try to treat others as I want to be treated.
Fantastic most, I really enjoyed reading it but, I think it could of clarified things up a little better.
Thanks for the heads up about this, I don’t use WordPress at the moment, but my friend does so will make sure he sees this. This hacking stuff really pisses me off and rightly so. People put hard work into creating their websites and blogs and putting something together for others to enjoy. It is just too bad that people seem to enjoy taking the time to damage what others have taken time to create.
WordPress exploits are local to the installation itself, and likely do not affect installations on a host’s. When this exploit gets loaded and sees GoogleBot, it spits out its content – which is normally a big wad of pharmaceutical SPAM, like Cialis, Viagra, etc. Google picks it up in it’s search results and the content the SPAM links to gets a bump in Google’s search ranking.
.-= Tamara @ spiderman costumes for kids´s featured blog ..Kids Spiderman Muscle Costume =-.
Do you know if this exploit has been rectified in WP 3.0 or are we still vulnerable to php / mysql injections?
I know that there are good people who can easily hack a system and they can just block and destroy your system. At least an updated blog was posted.
I read about it some days ago in another blog and the main things that you mention here are very similar
Thank you very much! Appreciate the heads up.
.-= Brian@Caroline´s featured blog ..Best WordPress Plugin =-.
Getting a site hacked is certainly no fun at all – I had one hacked a few years ago and it took way too much time to get things back in order – not fun. If I had just picked a stronger password it may not have happened at all.
Getting a site hacked is certainly no fun at all – I had one hacked a few years ago and it took way too much time to get things back in order – not fun.
I think these have all been fixed now with the new wordpress. Thank god!
.-= Andy @ Directory Submission´s last blog ..Directory Submission =-.
I’ve been trying to find some sort of way to make wordpress more secure so that these PHP injections don’t happen so easily. Can anyone recommend some measures that I can take to protect my blog?
.-= James@Pool Vacuum Cleaners´s last blog ..Contact Us =-.
One of my niche websites was hit by this and let me just say that it was not pretty. My advice: Backup often! This can really mess things up, and if you don’t have a recent backup of your database you are in trouble..
Thanks for the post.. i must aware about this kind of hack today
.-= nurussadad´s last blog ..Door Duisternis tot Licht =-.
I am so happy I found your blog!
I randomly found this through a search and Im so glad!
.-= Ryan Stickel´s last blog ..http://starz.com/features/spartacus/widget =-.
A few major companies actually hire these hackers, because they were so talented as to break into their system. Maybe that’s the answer, feed the poor and renegades of society, offer them work. Yes, let’s hack the hackers!
A few major companies actually hire these hackers, because they were so talented as to break into their system. Maybe that’s the answer, feed the poor and renegades of society, offer them work. Yes, let’s hack the hackers!
Currently I am using blogspot and I am planning to switch to wordpress because of its great feature. So I am collecting more information about wordpress. Anyway, Thanks.
Hello Computer Tips,
Be sure to read my post about setting up WordPress blogs for businesses. It contains much valuable information on Business Blogging.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Not sure what you mean by the PR
InStockPhones is referring to Google Page Rank. There are many explanations of what it is online including this one on What is Google PageRank.
There is much disinformation online about almost everything and especially about SEO so never believe everything you read.
.-= growmap´s last blog ..MEME: BizLuv in Support of Small Businesses =-.
I have noticed that in the recent google PR update, it does not update the PR for most blogs powered by WP and this could be the reason that why google did this.
Hello,
I don’t watch the PR updates very closely but I know that many blogs that are more tightly focused on SEO do. While I need to update it you may be able to find some of the best blogs that cover that subject on my personal GrowMap MyAlltop page.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Yes attacks happen now on everywhere not only on such blogs and failures occur everywhere
I just started using word press and had no idea about any of that stuff. Great article.
.-= Amanda´s last blog ..Bearpaw Women’s 419 Demi Boot =-.
nice post with useful information…
WordPress has to update for bugs and security flaws so often that it only pays to bother upgrading when its a very critical security flaw.
Thanks for the head’s up. Even though WP lets you upgrade wordpress right in the dash, it’s still something i’m worried ver because i tend to think it will break something..
.-= Josiah@ Watch Dead Like Me Online´s last blog ..Season 2: Episode 15 =-.
They have to figure out something, but then the hackers will figure another way to screw us..lol
Yes, that is pretty much true. It is an eternal cat and mouse game.
.-= growmap´s last blog ..Better Twitter Retweets From Favorite Twitter Apps =-.
There’s a lot of talk about hacks to WP based sites. It’d be great if you can write a post about what to do after such a hack. A clear step-by-step guide or something would help.
.-= Computer Maintenance Guide´s last blog ..Delete Temporary Files/Cache and Speed Up Your Computer =-.
Hello,
Security is a specialty that I usually leave to experts. Although I have a very technical background I rely on others to adminstrate technical aspects in my blogs. I did include a link to how to recover from this one and will gladly update this post with any other relevant links I find or that my readers can suggest.
.-= Internet Strategist @GrowMap´s last blog ..Best of GrowMap: Our Pillar Foundation Content =-.
any other ways to restore it?
ac and the house lighting
All bloggers need to be aware that in order to restore any site there needs to be a backup (ideally a CURRENT backup). While most better hosting companies should do this for you it is unwise to rely on that. It is better to set up backups that are automatically emailed to you.
.-= growmap´s last blog ..MEME: BizLuv in Support of Small Businesses =-.
Im pretty sure the anti virus wont be able to protect it unfortunately…
.-= Aaron @ Huffy Green Machine 2´s last blog ..Huffy Pink Green Machine =-.
Thanks for the heads up about this matter. I just started using WP about 6 weeks ago and have noticed this kind of thing happens a lot…i guess thats the downside of using the platform…in any case, staying in tune will help us all remove these types of threats.
.-= Adam @ Eyeclops Night Vision Goggles´s last blog ..Eyeclops Night Vision Binoculars =-.
Hello Adam,
I don’t hear about these types of issues too often. Given the huge number of WordPress blogs we are fortunate there aren’t more of these problems.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Will the anti virus detect it?
.-= letter opener as christmas gift´s last blog ..Promotional letter opener for marketing events =-.
I would guess probably not.
Well that, that is interesting. I guess I will have to keep updating my wordpress so I make sure that I dont get screwed over.
.-= jON@Facial Hair Removal´s last undefined ..If you register your site for free at =-.
Yes Jon, it is unfortunate that some dedicate their lives to causing problems for others. If they are smart enough to do that one would hope they could find something more productive and beneficial to focus on.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Thanks for this very informative information. This is a good view to know things about .php
.-= ryan@chicco car seat´s last blog ..Chicco Baby Products – Introduction =-.
Welcome UK,
While there are some who will recommend Drupal too, there is far more activity and many more plugins already written for WordPress. You may also be interested in our posts about growing any business and especially How to Start a Successful Blog Based Business
.-= Internet Strategist @GrowMap´s last blog ..Instantly Acquire 76 High Quality Incoming Links =-.
Backup and update! ALWAY AND ALWAYS. Nice post!
.-= Ben@Maybelline´s last blog ..Maybelline XXL Mascara – FREE! =-.
Hi Ben,
You know many people don’t know how to backup and aren’t doing it. Most only start after they’ve had their first major loss. Perhaps this post will motivate them to take action sooner instead of after it is too late.
.-= Internet Strategist @GrowMap´s last blog ..Success IS a Numbers Game =-.
After reading a bunch of exploit news I started increasing the time my database backup plugin sends me a backup to my email. If anything happens to any of my blogs I can restore it with the backup. If anyone doesn’t use a backup plugin you should get one asap. It will help out even if you make a mistake on your side and lose precious data
.-= Tony@Baby Cot´s last blog ..Baby Cot Furniture =-.
Hi Tony,
Thank you for sharing that excellent tip. You are absolutely correct. After Derek Semmler had hosting failure I checked with him and he assures me he has backups of our sites emailed to him regularly so we won’t lose anything should our host lose a server or get hacked.
For those who don’t know, you can restore an entire site from the last backup you have so you want to have backups sent as frequently as you tend to update content. If you make any major changes you will want a fresh backup asap.
.-= Internet Strategist @GrowMap´s last blog ..Local Search Directory Taps the Power of Television =-.
A bit off topic…just wanted to ask you for some hlep.
I’m using WordPress verison 2.6.1 and I got hacked a few days ago…some bastard really screwed up my site.
I was wondering if you’ve been hacked and how you fixed it….how do you find the leak?
.-= Sharon@Steve@Semenax´s last blog ..Fruit, Veggies, and a Side Order of Sex | Foods To Increase Libido =-.
Hi Steven,
I remember your question and thought I had answered it. We lost power suddenly and I may have lost it along the way. I rely on others for technical support so if I did get hacked – which thankfully has not happened – I would have to get them to assist.
If someone needed assistance with their WordPress blog I would recommend they contact Sammy Russo at Search Friendly Web Design.
.-= Internet Strategist @GrowMap´s last blog ..How to Optimize Your PPC Advertising to Benefit YOU =-.
Strong set of resources tips, thank you. I don’t think this resource has been mentioned: http://digwp.com/ but these guys have some great suggestions regarding WP security.
Thank you, John, for sharing that additional resource.
.-= Internet Strategist @GrowMap´s last blog ..How to Evaluate Your AdWords Accounts =-.
Hey, I appreciate those resources for finding out your WordPress security risk. WordPress is a huge learning process, so that’s always why I look for more information to make sure that I am not missing anything when it comes to my blog. That would be a terrible mistake!
Hi Mark,
There will always be more to learn so collaborating and sharing what we find can really save time. I appreciate you being one of my most regular commentators. Thank you.
.-= Internet Strategist @GrowMap´s last blog ..How to Evaluate Your AdWords Accounts =-.
I am always concerned about my WordPress security vulnerabilities. If you use the right plugins you can make it a lot more inconvenient for your system to be hacked. Thank you for the links, I recommend that everyone looks over them.
.-= Zicam Lawsuit Attorneys´s last blog ..Longview attorneys file more lawsuits against makers of Zicam – Southeast Texas Record =-.
Hello Zicam,
Any site can be hacked so we all have to be wary and plug any security flaws that are identified. Wouldn’t it be great if hackers would find something more useful to do?
.-= Internet Strategist @GrowMap´s last blog ..Social Networking is NOT Chat =-.
I thought this was only for WordPress. Will have to take a look at some of my other sites now. 🙁
Thanks for highlighting the exploits. Apparently my wordpress was hacked earlier with some russian guy stuffing russian site links in my index file.
Hi John,
I am sorry to hear you were hacked. I hope you have since recovered and added more security.
.-= Internet Strategist @GrowMap´s last blog ..How to Write a Review at Merchant Circle =-.
Superb list of wordpress guides collections shared here. I’m new to blogging and wordpress, but these articles really gives a good guide for new users like me. Glad to find this post.
.-= Pet Medication´s last blog ..Pet Medicine =-.
Hi Pet,
There are many posts here that will assist you, especially Selecting Keywords which explains how to make sure your posts and Web pages are easy to locate in the search engines.
.-= Internet Strategist @GrowMap´s last blog ..How to Create and Install Favicons =-.
I hope solution is already provided.
Hi Kate,
Yes, there are solutions in the links I provided in this post.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Free Business Listing to infoUSA =-.
I am using Drupal for my blog and I be very careful now thanks for your post it will be very helpful for me. Keep posting
Hi James,
Glad to be of service. Are there many IT jobs in Dubai? I added your site to StumbleUpon and Tweeted it in case others are seeking jobs there.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Business to Merchant Circle =-.
thanks for the keywordluv plugin. I wish more sites would follow.
I didn’t know that Gumblar exploit targeted other blogs than WordPress – so good to know because I know that myself and several friends don’t take these type of security precautions with our blogs right now!
Hi Mark,
Yes, I thought some might be interested in what other types of sites are at risk. How’s the coffee biz going? I don’t drink it myself so the only thing I remember is how expensive it got way back when I was still in school – ancient history.
Internet Strategist’s last blog post..Select Keywords First to Make Your Content Easy to Find
Nice linking in the amazing post. Its very informative post for me and my friends. I will share this with another to provide them a very useful information.
well what do when you have been attacted how do you fix the problem?!?!
Hello Ty,
The solutions are provided in the links that I shared in the post. Krista explained what she had to do to remove it in one of the first links I shared here. You may wish to request assistance from someone with advanced technical skills. I would definitely have to do that if my blogs were affected.
InternetStrategist’s last blog post..Be Pro-Active and Take Calculated Risks
If someone is competent enough to hack a website you would think they wouldn’t need to waste their time doing it!
There are exploits out all the time that are not targeted because the majority of competent programmers don’t waste there time but every once in awhile I hear about something like this what a waste of talent!
Jeff’s last blog post..What’s Jeff’s Scam, Niche Marketing
Absolutely! Surely there are productive projects they could be working on. If they’ll work on something useful I’ll even help promote them. I would much rather spend my time on that than fixing what they break.
InternetStrategist’s last blog post..Intelligent Bloggers to Consider Reading
Yeah, people doing this stuff shouldn’t target big blogs. After a big blog is hit it’s only the matter of time before someone creates a solution to the whole problem.
Hi Ken,
Ideally it would be great if spammers,scammers, and crackers would find something productive to do with their lives instead of wasting our time. Not much chance that will happen though so we’ll do what we can to control the damage they cause.
InternetStrategist’s last blog post..New Type of Scraped Comment Blog Spam
Thanks for the mention! I wonder why all this fuss about security started this particular time…
stratosg’s last blog post..Should you be concerned about your WordPress security?
Whenever a well known blog is targeted other bloggers are more likely to hear about it – especially if that blogger guest posts in another well-known blog about it.
Given the huge number of WordPress blogs and the likelihood that a very large percentage of them would not have taken any security precautions I felt now was a good time to cover this subject.
As frequently happens, other bloggers have just posted updated information that makes my style of researching and publishing in an overview useful. As you probably know security doesn’t usually get addressed until there is a scare or incident.
InternetStrategist’s last blog post..The Serious Drawbacks to Using FLASH for Web Design: Usability, SEO, Editability